diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 6109464..64ad47a 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -1,11 +1,15 @@ name: PR Checks on: + workflow_dispatch: push: branches: [main] pull_request: branches: [main] +permissions: + contents: read + jobs: pr-checks: strategy: @@ -204,10 +208,10 @@ jobs: # unfortunately for nightly builds the tag name does not match with the version name # (as it does for releases). So, we need to download by tag name and then check the version name. - LATEST_NIGHTLY_TAG="$(gh api "repos/dsp-testing/codeql-cli-nightlies/releases" --jq ".[] | select(.draft == false) | .tag_name" | head -1)" + LATEST_NIGHTLY_TAG="$(gh api "repos/dsp-testing/codeql-cli-nightlies/releases" --jq ".[] | select(.draft == false) | .tag_name" | sed '1!d')" # slightly hacky way of getting the version. Hopefully, we don't change how we format the release body. - LATEST_NIGHTLY_VERSION="$(gh api "repos/dsp-testing/codeql-cli-nightlies/releases" --jq '.[] | select(.draft == false) | .body '| head -n 1 | awk '{print $4}')" + LATEST_NIGHTLY_VERSION="$(gh api "repos/dsp-testing/codeql-cli-nightlies/releases" --jq '.[] | select(.draft == false) | .body '| sed '1!d' | awk '{print $4}')" echo "Download nightly version $LATEST_NIGHTLY_VERSION and tag $LATEST_NIGHTLY_TAG" gh codeql set-channel nightly diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 0000000..2a87220 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +* @github/codeql-experiences diff --git a/README.md b/README.md index 4e6f105..0f77c2f 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,11 @@ This CLI extension exposes the [CodeQL CLI](https://codeql.github.com/docs/codeq ## Installation -Once you have installed the GitHub CLI (version 2.0 or higher), run `gh extensions install github/gh-codeql`. +Once you have installed the GitHub CLI (version 2.0 or higher), run: + +```bash +gh extensions install github/gh-codeql +``` ## Usage @@ -32,6 +36,10 @@ Current version: not specified. You should be able to prefix any `codeql` command you run with `gh` to automatically download the selected version (by default: the latest release version at the time you first run it) and delegate to it. +### Support + +This extension is owned by the CodeQL team. If you have any problems or feature requests, please raise them in the [CodeQL repository](https://github.com/github/codeql). + ### Channels There are two channels: "release" and "nightly". You are on the release channel by default, and switching channels unpins the selected version (meaning that, unless you run `gh codeql set-version`, the latest version of the current channel will be selected the next time you run a command). @@ -60,4 +68,4 @@ This extension is newly released and under active development. Contributions are This extension is released by GitHub under the MIT License. For the full text of this, please consult our [LICENSE.md](LICENSE.md) file. -Note that this license applies only to the extension in this repository, for more information on the license governing use of the CodeQL CLI that it uses, please consult the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license/). In particular, note that there are restrictions on how you may use the the CodeQL CLI on code that is not released under an OSI-approved open source software license. \ No newline at end of file +Note that this license applies only to the extension in this repository, for more information on the license governing use of the CodeQL CLI that it uses, please consult the [GitHub CodeQL Terms and Conditions](https://securitylab.github.com/tools/codeql/license/). In particular, note that there are restrictions on how you may use the the CodeQL CLI on code that is not released under an OSI-approved open source software license. diff --git a/gh-codeql b/gh-codeql index 062c74a..6aa451a 100755 --- a/gh-codeql +++ b/gh-codeql @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e debug="$(gh config get extensions.codeql.debug 2> /dev/null)" || : # Suppress an error and return empty if the field doesn't exist